Description

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop malicious text. The attack requires user interaction to be triggered, but the dangerous characters are invisible in most GUI environments so it isn't trivially detected, especially if the string contents are complex. Fixed in Ghostty v1.3.0.

INFO

Published Date :

2026-03-09T21:14:27.693Z

Last Modified :

2026-03-10T15:03:53.041Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-26982 vulnerability.

Vendors Products
Ghostty
  • Ghostty
Ghostty-org
  • Ghostty
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-26982.

URL Resource
https://github.com/ghostty-org/ghostty/commit/fe7427ed2a1a02aef85495b384cfb8f11ee5efc9 cve-icon cve-icon
https://github.com/ghostty-org/ghostty/pull/10746 cve-icon cve-icon
https://github.com/ghostty-org/ghostty/security/advisories/GHSA-4jxv-xgrp-5m3r cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact